Main Area and Open Discussion > General Software Discussion

BrowserID - Mozilla's solution to the password problem

<< < (4/6) > >>

justice:
There's real confusion about BrowserID. The website popup is a stopgap. Browser vendors and email providers will implement a key exchange system so that sites can ask the email provider if the person using the browser is a certain identity. With browser and email provider support,  all you need to do once it is setup is click the sign in button and cryptographically things get checked and you get logged in. This will be a password replacement that is more secure than the current systems, easier to use than openid, and not any more privacy threathening then any login system. at the moment the BrowserID popup is an stopgap.

If you want to read common misconceptions check this thread:
http://news.ycombinator.com/item?id=2764824

How browserid differs from openid:
http://identity.mozilla.com/post/7669886219/how-browserid-differs-from-openid

How browserid works from a technical perspective:
http://lloyd.io/how-browserid-works

wraith808:
What is the advantage of BrowserID over OpenID?
-wraith808 (July 16, 2011, 07:12 AM)
--- End quote ---

OpenID has been criticized in the past for its failure in solving certain security as well as privacy problems. For example, your OpenID provider tracks your activity every time you use its identity to log in any site. Supposedly, BrowserID solves this, but this is a new standard that has not been subjected to a thorough analysis, so the advantages may be a moot point.
-Lashiec (July 16, 2011, 07:41 AM)
--- End quote ---

If you're concerned about that, you can easily set yourself up to be your own provider.

And reading that differences between the two, I actually don't like any of their talking points.  I don't *want* my information, even my e-mail, associated with my login.  I want the login dialog to come from my domain, rather than some other location I don't control.  And as my own provider, I don't have to worry about the tracking part.

Deozaan:
NECRO THREAD REVIVAL!

Well, it's been a couple of years since BrowserID was first introduced. But I stumbled across this thread again today while looking for information about OpenID and looked into BrowserID. Apparently it's now called Persona.

More technical details about it can be found here: https://developer.mozilla.org/en-US/Persona

Any new opinions on the matter since this was originally discussed 2.5 years ago?

TaoPhoenix:

Well, it's been a couple of years since BrowserID was first introduced. But I stumbled across this thread again today while looking for information about OpenID and looked into BrowserID. Apparently it's now called Persona.

More technical details about it can be found here: https://developer.mozilla.org/en-US/Persona

Any new opinions on the matter since this was originally discussed 2.5 years ago?
-Deozaan (January 03, 2014, 07:10 PM)
--- End quote ---

Well, for me it at least some FF add-ons cause interference. (I don't know which ones; I blanket turned them all off and got it to work.)

Meanwhile, it doesn't seem to be supported anywhere, so it's like a "toy" that I can't even try out.

But overall trying to tie all authentication into the browser feels just a little fishy somehow.

I also don't know what it means that some sites are using the email address AS the ID!

Deozaan:
I tried it out and found that you can link multiple email addresses to the same Persona. And then you can login to sites using any one of those addresses you want. So you still don't necessarily have to give out your primary address to login. I think I'd like it a lot more if it was more widely used. But like you said, it's used virtually nowhere, so it's kind of worthless. )c:

Navigation

[0] Message Index

[#] Next page

[*] Previous page